Create and Configure the Solaris 10 Zones

Solaris 10 zones are a virtualization technology that lets you create isolated and secure environments for running applications. To end users, these environments look just like separate machines with Solaris 10 installed on them. Isolation is enforced at such a level that processes in one zone can't see or affect processes in any other zone.

All of this is done at the software level. By default, every Solaris 10 machine has a global zone, and only from this zone can you view the processes of all the other zones on your system. You probably didn't even notice, but when your Solaris 10 install completes, you're immediately put into the global zone. It's very easy to see this zone:

Zone types

Global zone – Every installed OS acts as a global zone, which is present by default. All non-global zones can only be installed, configured and administered from the global zone.

Non-global zone – Non-global zones share the functioning of the kernel booted under the global zone. All the software and other resources are inherited from the global zone.

Whole root zone (big zone) – It gets its own writable copy of all the file systems, such as /opt and /usr. It takes more disk space.

Sparse root zone (small zone) – File systems such as /opt and /usr are shared from the global zone as loopback file systems (you only have read-only access to these directories in the non-global zone). It takes very little disk space.

Branded zones – These are Solaris 8 or Solaris 9 zones on a Solaris 10 global zone.

Zone states:

Configured – Configuration has been completed and storage has been committed. Additional configuration is still required.

Incomplete – The zone is in this state while it is being installed or uninstalled.

Installed – The zone has a confirmed configuration (zoneadm is used to verify the configuration) and Solaris packages have been installed. Even though it has been installed, it still has no virtual platform associated with it.

Ready (active) – The zone's virtual platform is established. The kernel creates the zsched process, the network interfaces are plumbed and filesystems are mounted. The system also assigns a zone ID at this state, but no processes are associated with the zone yet.

Running (active) – A zone enters this state when the first user process is created. This is the normal state for an operational zone.

Shutting down + Down (active) – Normal state when a zone is being shut down.

Zone daemons:

zoneadm – Each zone has a zoneadm associated with it, which carries out the following actions: allocates the zone ID and starts the zsched process; sets system-wide resource controls; prepares the zone's devices, if any are specified in the zone configuration; plumbs the virtual network interface; mounts any loopback or conventional filesystems.

zsched – The job of zsched is to keep track of kernel threads running within the zone.

There are many ways to create a zone; this article shows one possible approach to creating a working zone. First, create two new filesystems for your zone: one for its root area and one for its data area. You can use the newfs command to do this once you determine which partitions are available for use. For this example, we will use /dev/dsk/c0t1d0s0 and /dev/dsk/c0t1d0s3 for the root and data areas respectively.

You can use this procedure for multiple zones, making sure that the filesystem, network, and attribute configurations are modified appropriately. I have created an additional zone in this manner, called zone2, as you will see in the following zoneadm command outputs.

# zoneadm list -i
global

Notice that your new zone does not show up. It isn't installed yet; it is just configured. Next we will install it.
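
Why a configured zone is missing from `zoneadm list -i`, as an added example (not part of the original article): this sh function filters the colon-separated output of `zoneadm list -cp` by state, the way the plain, `-i` and `-c` listings do. The sample lines, the zone name zone1 and the /zones paths are constructed, and the state ordering is an assumption based on the lifecycle listed above.

```shell
#!/bin/sh
# Added example. Input format assumed: zoneid:zonename:state:zonepath[:...]

# Constructed sample of `zoneadm list -cp` output (hypothetical zone paths).
SAMPLE='0:global:running:/
-:zone1:configured:/zones/zone1
-:zone2:configured:/zones/zone2'

# Position of each state in the zone lifecycle (assumed ordering).
state_rank() {
    case "$1" in
        configured)    echo 0 ;;
        incomplete)    echo 1 ;;
        installed)     echo 2 ;;
        ready)         echo 3 ;;
        running)       echo 4 ;;
        shutting_down) echo 5 ;;
        down)          echo 6 ;;
        *)             echo -1 ;;
    esac
}

# visible_zones MODE: read a parseable listing on stdin and print the zone
# names that the matching listing would show.
#   running    -> plain `zoneadm list`
#   installed  -> `zoneadm list -i`
#   configured -> `zoneadm list -c`
visible_zones() {
    case "$1" in
        running)    min=4 ;;
        installed)  min=2 ;;
        configured) min=0 ;;
        *) echo "unknown mode: $1" >&2; return 2 ;;
    esac
    while IFS=: read -r id name state path rest; do
        [ -n "$name" ] || continue          # skip blank lines
        rank=$(state_rank "$state")
        if [ "$rank" -lt 0 ]; then
            echo "warning: $name has unrecognised state '$state'" >&2
            continue
        fi
        [ "$rank" -ge "$min" ] && echo "$name"
    done
    return 0
}

for mode in running installed configured; do
    printf '%s: %s\n' "$mode" "$(printf '%s\n' "$SAMPLE" | visible_zones "$mode" | tr '\n' ' ')"
done
```

On a real system, replace the sample with `zoneadm list -cp | visible_zones installed` run from the global zone.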